| -rw-r--r-- | sys/boot/secure-boot.nix | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/sys/boot/secure-boot.nix b/sys/boot/secure-boot.nix index bdf7f0f..3e874c3 100644 --- a/sys/boot/secure-boot.nix +++ b/sys/boot/secure-boot.nix @@ -1,10 +1,20 @@ { config, lib, pkgs, ... }: with lib; let cfg = config.local.boot.secureBoot; + + pkiBundle = + if cfg.legacyPath + then "/etc/secureboot" + else "/var/lib/sbctl"; in { options.local.boot.secureBoot = { enable = mkEnableOption "secure boot"; + + legacyPath = mkOption { + type = types.bool; + default = false; + }; }; config = mkIf cfg.enable { @@ -24,7 +34,7 @@ in lanzaboote = { enable = true; - pkiBundle = "/etc/secureboot"; + inherit pkiBundle; }; }; @@ -32,6 +42,6 @@ in pkgs.sbctl ]; - local.boot.impermanence.directories = [ "/etc/secureboot" ]; + local.boot.impermanence.directories = [ pkiBundle ]; }; } |
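Review bot: With `default = false` on the new `legacyPath` option in the first hunk, every host that enrolled its keys under `/etc/secureboot` switches to `/var/lib/sbctl` on its next rebuild unless it sets the option explicitly, and the third hunk then persists only the newly selected directory. On an impermanent root that presumably leaves the existing signing keys unmounted, so the lanzaboote install step would have nothing to sign with on a machine that still enforces Secure Boot; whether all hosts were migrated before this commit is not visible here. The option also has no `description`, and I would add `description = "Keep the Secure Boot PKI bundle at /etc/secureboot instead of /var/lib/sbctl; set this on hosts whose keys have not been moved yet.";` so the migration step is discoverable. An activation-time check that the selected bundle directory exists and is non-empty would make a missed migration fail during the rebuild rather than at the next boot.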
